In line with this belief, many businesses are not taking these and other so-called advanced persistent threats (APTs) into consideration as part of their information security strategy, but is this wise?

No, is the answer, according to cyber threat specialists at the Online Threats Managed Services (OTMS) group of RSA, EMC’s security division.

“This attitude of ‘it won’t happen to me’ has got to be broken; all businesses and organisations must understand that it can and probably will happen to them,” said Daniel Cohen, head of business development and knowledge delivery at RSA’s OTMS.

RSA is seeing APT-style attacks on Fortune 500 companies and small to medium-sized businesses alike.

For this reason, said Cohen, all organisations should have a plan to follow in the event of a cyber attack and all employees should know the drill.

Security teams should also have a firm mitigation plan in place and be able to execute it with military precision, Cohen said, once a breach has been detected and the extent of the breach has been determined.

Lack of security budget is a common challenge, but smaller companies have got to learn to start getting more out of their existing investments, such as activity logging systems, said Cohen.

“Smaller companies should be looking at their logs to see what is going on in their networks and be on the lookout for anomalous activity,” he said.

Cohen believes cloud-based systems could be of help in this regard as they have made log analysis capability more easily affordable for smaller organisations.

Wherever possible, he said, organisations should look at implementing systems that can analyse behaviour on the network in real time to identify anomalous activity and enable security teams to track back from points of infection to determine the exact extent of the breach.

All organisations have to put some work into focusing on advanced threats and make protecting against them part of their basic security strategy, he said.

Cohen emphasises the need for information security teams to have a plan of action to follow in the event of a breach.

“It is important to understand what is happening and avoid knee-jerk responses that may create opportunities for cyber criminals to step up the attack and gain tactical advantage,” he said.

In summary, RSA’s OTMS group has seen evidence that no organisation can consider itself immune from advanced cyber attacks. All organisations should assume their networks are infected and have a well-tested plan in place to follow when systems are breached.
